admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-10-15 16:01:33 +00:00
parent 9668e3c173
commit 02f4f70873
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
6 changed files with 208 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2019/12xxx/CVE-2019-12411.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2019-12411",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

111
2020/11xxx/CVE-2020-11637.json
View File

@ -1,18 +1,117 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-08-12T00:00:00.000Z",
"ID": "CVE-2020-11637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Automation Runtime TFTP Service DoS Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation Runtime",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "4.1x"
},
{
"version_affected": "<",
"version_name": "4.2x",
"version_value": "N4.26"
},
{
"version_affected": "<",
"version_name": "4.3x",
"version_value": "N4.34"
},
{
"version_affected": "<",
"version_name": "4.4x",
"version_value": "F4.45"
},
{
"version_affected": "<",
"version_name": "4.5x",
"version_value": "E4.53"
},
{
"version_affected": "<",
"version_name": "4.6x",
"version_value": "D4.63"
},
{
"version_affected": "<",
"version_name": "4.7x",
"version_value": "A4.73"
}
]
}
}
]
},
"vendor_name": "B&R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Improper Release of Memory Before Removing Last Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf",
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

4
2020/13xxx/CVE-2020-13939.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

5
2020/16xxx/CVE-2020-16094.json
View File

@ -56,6 +56,11 @@
"url": "https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313",
"refsource": "MISC",
"name": "https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-67d9661fe2",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBLHUG2UCXVABAGN5FVTD3AB3YKE5NN/"
}
]
}

50
2020/25xxx/CVE-2020-25858.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25858",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vuln@vdoo.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Qualcomm QCMAP",
"version": {
"version_data": [
{
"version_value": "Fixed in October 2020"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote authenticated null dereference (CWE-476)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://vdoo.com/blog/qualcomm-qcmap-vulnerabilities",
"url": "http://vdoo.com/blog/qualcomm-qcmap-vulnerabilities"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers."
}
]
}

50
2020/25xxx/CVE-2020-25859.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25859",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vuln@vdoo.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Qualcomm QCMAP",
"version": {
"version_data": [
{
"version_value": "Fixed in October 2020"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local command injection (CWE-78)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://vdoo.com/blog/qualcomm-qcmap-vulnerabilities",
"url": "http://vdoo.com/blog/qualcomm-qcmap-vulnerabilities"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI can be run via sudo or setuid, this also allows elevating privileges to root. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers."
}
]
}